The recording helps attackers determine the time lapse between the audible clicks to identify the distance between the key ridges. This information can be processed to create several likely keys.
Ensuring physical security in the information age has always been an issue of great concern. The latest research from the National University of Singapore’s computer science department further intensifies the debate by exposing the risks associated with smart locks.
Reportedly, a group of researchers, including Harini Ramprasad, Soundarya Ramesh, and Jun Han, have discovered a way to clone your lock keys using software they designed and a smartphone’s microphone.
The researchers have named the attack model SpiKey. Using this model, they could determine how to shape a key that can open any tumbler lock.
The trio of researchers revealed their findings at the International Workshop on Mobile Computing Systems and Applications’ event HotMobile 2020. They stated that if a hacker can install malware on your smartwatch, smartphone, or smart doorbell to record audio from somewhere else, the attacker may not need to be physically close to the lock to carry out the attack.
According to the researchers, SpiKey will ‘significantly’ lower the bar for a hacker compared with traditional lock-picking techniques. The method is relatively straightforward; they only had to insert the key into the lock and record the sound as the key moved past the tumbler pins.
Researchers published a paper [PDF] describing details of their hack. In the report, they explained that SpiKey could narrow a pool of approx. 330,424 keys down to 5.10 candidate keys on average, with the victim's key among them. Three candidate keys will be the most frequent case. So, instead of spending hours using lock-picking tools, a thief can try pre-made keys and quickly unlock the door.
The sounds that the lock pins make while the key moves over the ridges are vital to pulling off this hack. The recording helps the thief determine the time lapse between the audible clicks to identify the distance between the key ridges. This information can be processed to create several likely keys.
As a victim inserts the key into a door lock, an attacker can use the microphone of an already compromised smartphone to record the sounds the key makes soon after touching the pins. The hacker can use software for recreating the same conditions to replicate these noises and later fabricate a metal key for unlocking the door.
That’s exactly what SpiKey does; it uses a smartphone to record clicking sounds, decode them, and produce a key signature to make a new metal key. The researchers report that the secret to this hack is the fine-grained cut depths, or bitting depths, of the key, which can differ by 15 milli-inches, or 0.381 millimeters.
The hack relies on the tumbler pins of a lock. There are six pins on top and at the bottom, linked through a spring. The bottom pins correspond to the bittings length-wise. So, as the key is inserted, the bottom pins have to align with the top pins to unlock, and they create click sounds with each pin’s fall. A hacker can record these sounds to detect the timings and calculate the inter-ridge distances.
When the key is inserted, the bottom pins position correctly to align the top pins on a “shear line,” and the key can turn to unlock. The sound of each “click” as the pins fall is used to detect the timings involved and calculate inter-ridge distances “given a constant insertion speed.”
There are, however, several limitations to this technique. First, the attacker must know the type of lock the victim uses, and second, the insertion speed must be constant. That is, the speed at which the victim inserts the key into the lock should remain the same.
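The dependence on a constant insertion speed can be seen in a small simulation, added here as an illustration and not taken from the researchers' paper or software. The ridge positions, the speeds, and the single reference pin model are constructed assumptions.

```python
# Added illustration; all values are constructed, not taken from the paper.
# Constructed ridge positions along the blade, in milli-inches (not a real key).
RIDGES_MIL = [150.0, 310.0, 455.0, 620.0, 760.0, 930.0]


def click_times(ridges, speed_at, dt=1e-5):
    """Simulate insertion; return the time each ridge passes a reference pin.

    speed_at(t) is the insertion speed in milli-inches per second at time t.
    """
    times, pos, t = [], 0.0, 0.0
    for ridge in ridges:
        while pos < ridge:
            pos += speed_at(t) * dt
            t += dt
        times.append(t)
    return times


def estimate_gaps(times, total_span):
    """Estimate inter-ridge gaps under the constant-speed assumption:
    each gap is its share of the elapsed time, scaled to the known span."""
    elapsed = times[-1] - times[0]
    return [(b - a) / elapsed * total_span for a, b in zip(times, times[1:])]


def max_gap_error(speed_at):
    """Largest absolute error (milli-inches) between true and estimated gaps."""
    true_gaps = [b - a for a, b in zip(RIDGES_MIL, RIDGES_MIL[1:])]
    span = RIDGES_MIL[-1] - RIDGES_MIL[0]
    est = estimate_gaps(click_times(RIDGES_MIL, speed_at), span)
    return max(abs(e - g) for e, g in zip(est, true_gaps))


def constant(t):
    return 2000.0  # steady push (assumed value)


def accelerating(t):
    return 1000.0 + 6000.0 * t  # hesitant start, faster finish (assumed)


if __name__ == "__main__":
    print(f"constant speed:     max error {max_gap_error(constant):6.2f} mil")
    print(f"accelerating speed: max error {max_gap_error(accelerating):6.2f} mil")
```

With a steady push the click intervals map back to the gaps almost exactly; once the speed changes during insertion, the same mapping is off by tens of milli-inches, which is why the technique depends on this condition.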
Researchers have already addressed these limitations too. They claim that if an attacker accesses the Ring, cloning the key would be easier, and they won’t need to listen to the sound.
Nonetheless, this attack is relatively easy to defeat. All you need to do is make sure no one is around when you are unlocking the door, or make loud noises to prevent a hacker from recording the clicking sounds.
Researchers plan to explore the hack from newer dimensions, such as compromising the victim’s smartwatch, smartphone, or door sensors equipped with a microphone to record with a better signal-to-noise ratio.
“We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors,” the researchers noted.